﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;

public partial class Account_Login : System.Web.UI.Page
{
    class_database _db;
    protected void Page_Load(object sender, EventArgs e)
    {
        
    }
    protected void btnLoginServer_Click(object sender, EventArgs e)
    {
        _db = new class_database();
        string struser = HttpUtility.HtmlDecode(txt_user.Text.Trim());
        string strpass = HttpUtility.HtmlDecode(txt_pass.Text.Trim());
        struser = struser.Replace("'", "''");
        strpass = strpass.Replace("'", "''");
        if (this.CheckExistUser(struser))
        {
            bool checkUser = this.CheckUser(struser, strpass);
            if (checkUser)
            {
                Login.Style["display"] = "none";
                Session["username"] = "admin";
                string url = "~/AdminPage.aspx";
                Response.Redirect(url);
            }
            else
            {
                strError.Style["display"] = "block";
            }
        }
        else
        {
            strError.Style["display"] = "block";
        }
    }
    private bool CheckExistUser(string _user) 
    {
        _db = new class_database();
        string sql = "SELECT * FROM member WHERE username = @UserName";
        DataTable dt = new DataTable();
        string[] ArrayParameters = new[] { "@UserName" };
        string[] ArrayValues = new[] { _user };
        dt = _db.GetDatatableWithParameters(sql, ArrayParameters, ArrayValues);
        if (dt != null && dt.Rows.Count > 0)
        {
            return true;
        } else
            return false;
    }
    private bool CheckUser(string _user, string _pass)
    {
        _db = new class_database();
        _pass = class_string.EncryptMD5(_pass);
        //Response.Write(_pass);
        string Sql = "select * from member where username = @UserName and password = @PassWord and active = 1 ";
        DataTable dt = new DataTable();
        string[] ArrParameters = new[] { "@UserName", "@PassWord" };
        string[] ArrValues = new[] { _user, _pass };
        dt = _db.GetDatatableWithParameters(Sql, ArrParameters, ArrValues);
        if (dt != null && dt.Rows.Count > 0)
            return true; // Tồn tại
        else
            return false;
    }

}
